Malicious files can be downloaded from the internet or created by users on local computers. They can cause a variety of symptoms, including slow performance, program crashes, or other unintended failures. They can also encrypt files on servers, hijack computers for unauthorized activity, or launch Distributed Denial of Service (DDoS) attacks.
Security Center detects malware in all kinds of files by analyzing their behavior, file content, and other properties. Malware detection is based on heuristics that observe the behavior of a file and its components over time to determine whether that behavior is malicious. This is a powerful method for detecting malware, but it may miss certain behaviors that reveal their malicious nature only when the file is executed.
How to Detect Malicious Files Using a Malicious File Scanner
The SDK for malicious file detection uses queues to improve processing capacity during spikes in external requests. Increasing the queue length can help prevent timeout errors in high-concurrency scenarios.
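The following is an added illustration of that queue-length trade-off; it is not code from the page or from any vendor SDK. It models scan submissions with a bounded queue drained by one simulated worker: when the queue is too short for a burst, submissions that cannot be enqueued within their timeout are rejected, and lengthening the queue absorbs the same burst without errors. The function name, timings, and file labels are all constructed for the example.

```python
import queue
import threading
import time


def run_burst(queue_len, burst, scan_seconds=0.05, submit_timeout=0.01):
    """Submit `burst` scan requests into a queue of length `queue_len`.

    One worker drains the queue, spending `scan_seconds` per file (a
    stand-in for the real scan cost). A submission that cannot get a
    queue slot within `submit_timeout` is counted as rejected, which is
    the timeout error a caller would see. Returns (scanned, rejected).
    """
    q = queue.Queue(maxsize=queue_len)
    scanned = []

    def worker():
        while True:
            item = q.get()
            if item is None:          # sentinel: shut the worker down
                q.task_done()
                break
            time.sleep(scan_seconds)  # simulated scan work
            scanned.append(item)
            q.task_done()

    t = threading.Thread(target=worker, daemon=True)
    t.start()

    rejected = 0
    for i in range(burst):
        try:
            q.put(f"file-{i}", timeout=submit_timeout)
        except queue.Full:
            rejected += 1             # queue saturated: caller times out

    q.join()                          # wait for accepted items to finish
    q.put(None)                       # queue is empty here, so never blocks
    t.join()
    return len(scanned), rejected


if __name__ == "__main__":
    print("short queue :", run_burst(queue_len=2, burst=20))
    print("long queue  :", run_burst(queue_len=20, burst=20))
```

Every submission is either scanned or rejected, so the two counts always sum to the burst size; only the split between them changes with the queue length.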
Virus scanners produce a detailed report of the suspicious file's contents. These reports are shared with the public VirusTotal community so that other scanning engines can use them to identify harmful files. The VirusTotal scan results provide valuable context for threat detection, including the name of the detected virus, the detection engine, the dates of first and latest detection, whether download restrictions are imposed, the uploader of the file, and its upload location.
You can enable one-click isolation for detected malicious files to exclude them from restores. To do so, select the affected file or folder and click Isolate. You can also configure an automated response to security alerts in a Function App or with Event Grid, using Microsoft Sentinel or another SIEM of your choice.